BMG v. Cox: ISPs Can Make Their Own Repeat-Infringer Policies, But the Fourth Circuit Wants A Higher "Body Count"

Last week’s BMG v. Cox decision has gotten a lot of attention for its confusing take on secondary infringement liability, but commentators have been too quick to dismiss the implications for the DMCA safe harbor. Internet service providers are still not copyright police, but the decision will inevitably encourage ISPs to act on dubious infringement complaints, and even to kick more people off of the Internet based on unverified accusations.

This long-running case involves a scheme by copyright troll Rightscorp to turn a profit for shareholders by demanding money from users whose computer IP addresses were associated with copyright infringement. Turning away from the tactic of filing lawsuits against individual ISP subscribers, Rightscorp began sending infringement notices to ISPs, coupled with demands for payment, and insisting that ISPs forward those notices to their customers. In other words, Rightscorp and its clients, including BMG, sought to enlist ISPs to help coerce payments from Internet users, threatening the ISPs themselves with an infringement suit if they don’t join in. Cox, a midsize cable operator and ISP, pushed back and was punished for it.

Before the suit, Cox had quite reasonably decided to stick up for its customers by refusing to forward Rightscorp’s money demands. Going along would have put Cox’s imprimatur on Rightscorp’s vaguely worded threats. The Digital Millennium Copyright Act safe harbors, which protect ISPs and other Internet services from copyright liability, don’t require ISPs who simply transmit data to respond to infringement notices, much less forward them.

Unfortunately, Cox failed to comply with another of the DMCA’s requirements. To receive protection, an ISP must “reasonably implement” a policy for terminating “subscribers and account holders” who are “repeat infringers” in “appropriate circumstances.” Past decisions haven’t defined what “appropriate circumstances” are, but they do make clear that a repeat infringer policy has to be more than mere lip service. Cox’s defense foundered—as many do—on a series of unfortunate emails. As shown in court, Cox employees discussed receiving many infringement notices for the same subscriber, and giving repeated warnings to those subscribers, but never actually terminating them, or terminating them only to reconnect them immediately. The emails painted a picture of a company only pretending to observe the repeat-infringer requirement, while maintaining a real policy of never terminating subscribers. The reason, said the Cox employees to one another, was to eke out a bit more revenue.

Despite the emails, BMG’s case had a weakness: the notices from Rightscorp and others were mere accusations of infringement, their accuracy and veracity far from certain. Nothing in the DMCA requires an ISP to kick customers off the Internet based on mere accusations. What’s more, the “appropriate circumstances” for terminating someone’s entire Internet connection are few and far between, given the Internet’s still-growing importance in daily life. As the Supreme Court wrote last year, “Cyberspace . . . in general” and “social media in particular” are “the most important places (in a spatial sense) for the exchange of views.” Even more than a website or social network, an ISP can and should save termination for the most egregious violations, backed by substantial evidence.

The Court of Appeals for the Fourth Circuit acknowledged this, to a point. The court was “mindful of the need to afford ISPs flexibility in crafting repeat infringer policies, and of the difficulty of determining when it is ‘appropriate’ to terminate a person’s access to the Internet.” The court ruled that Cox had lost its safe harbor, not because its termination policy was too lenient, but because it failed to implement its own policy. “Indeed,” wrote the court, “in carrying out its thirteen-strike process, Cox very clearly determined not to terminate subscribers who in fact repeatedly violated the policy.”

The court also ruled that “repeat infringer” isn’t limited to those who are found liable by a court. But the court stopped short of holding that mere accusations should lead to terminations. The court pointed to “instances in which Cox failed to terminate subscribers whom Cox employees regarded as repeat infringers” after conversations with those subscribers, implying that they, at least, should have been terminated.

The court should have stopped there. Unfortunately, it also pointed to the number of actual suspensions Cox engaged in—less than one per month, compared to thousands of warnings and temporary suspensions—as a factor in denying Cox the safe harbor. That focus on “body counts” ignores the reality that terminating home Internet service is akin to “cutting off someone's water." And the court didn’t acknowledge that Cox’s decision to stop accepting Rightscorp’s notices—which included demands for money—protected Cox customers from an exploitative “speculative invoicing” business.

So where does this decision leave ISPs? Certainly, they should not repeat Cox’s mistake by making it clear that their termination policy is an illusion. But nothing in the decision forbids an ISP from standing up for its customers by demanding strong and accurate evidence of infringement, and reserving termination for the most egregious cases—even if that makes actual terminations extremely rare.

The case isn’t over; losing the DMCA safe harbor doesn’t mean that Cox is liable for copyright infringement by its customers. BMG still needs to show that Cox is liable under the contributory, vicarious, or inducement theories that apply to all service providers. The Fourth Circuit ruled that the jury got the wrong instructions, and that contributory liability requires more than a finding that Cox “should have known” about customers’ infringement. Because of that faulty instruction, the appeals court sent the case back for a new trial. The court’s ruling on inducement liability was confusing, as it seemed to conflate “intent” with “knowledge.” It’s important that the courts treat secondary liability doctrines thoughtfully and clearly, as they have a profound effect on how Internet services are designed and what users can do on them. That’s why, while we expect to see more suits like this, we hope that ISPs will continue to stand up for their users as Cox has in defending this one.

Related Updates

YouTube has taken a stand against a particularly pernicious copyright troll who was not only abusing the takedown system to remove content but was also using it in an extortion scam. While this gives the weight—and resources—of a large corporation in a fight that will benefit users, it also serves...

The Senate Judiciary Committee intends to vote on the CASE Act, legislation that would create a brand new quasi-court for copyright infringement claims. We have expressed numerous concerns with the legislation, and serious problems inherent with the bill have not been remedied by Congress before moving it forward. In...

A federal judge has ruled that litigation can go forward to determine whether Section 1201 of the Digital Millennium Copyright Act violates the First Amendment as applied. EFF brought this litigation on behalf of security researcher Matt Green, technologist bunnie Huang, and bunnie's company Alphamax, in order to...

We’re taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what's at stake, and what we need to do to make...

How is the Internet different from what came before? We’ve had great art, music, film, and writing for far longer than we’ve had the World Wide Web. What we didn’t have were global conversations and collaborations that millions can participate in. The Internet has lowered barriers to participation in culture...

Every now and then we have to remind someone that it's not illegal for people to report facts that they dislike. This time, the offender is electric scooter rental company Bird Rides, Inc. Electric scooters have swamped a number of cities across the US, many of the scooters carelessly discarded...

Washington, D.C.—The Electronic Frontier Foundation won petitions submitted to the Library of Congress that will make it easier for people to legally remove or repair software in the Amazon Echo, in cars, and in personal digital devices, but the library refused to issue the kind of broad, simple and robust...

There’s a lot of talk these days about “content moderation.” Policymakers, some public interest groups, and even some users are clamoring for intermediaries to do “more,” to make the Internet more “civil,” though there are wildly divergent views on what that “more” should be. Others vigorously oppose such moderation, arguing...

Have you ever wanted to talk with the Electronic Frontier Foundation about the risks of talking in public about security issues, especially in connected Internet of Things devices? Tomorrow, you'll get your chance. Information security has never been more important: now that everything from a car to a voting...

Congress has never made a law saying, "Corporations should get to decide who gets to publish truthful information about defects in their products,"— and the First Amendment wouldn't allow such a law — but that hasn't stopped corporations from conjuring one out of thin air, and then defending it as...